Fintech 2025

CZECH REPUBLIC Law and Practice Contributed by: Ondřej Mikula, Jan Šovar and Markéta Klabouchová, FINREG PARTNERS

2.6 Jurisdiction of Regulators The Czech National Bank (the “CNB” ) regulates all financial industry participants and oversees them from prudential and conduct of business perspectives. In addition to the CNB, the Finan - cial Analytical Office (the “FAO” ) handles AML/ CFT supervision and does so jointly with the CNB when it comes to financial service provid - ers. Authorities in the Czech Republic also co-oper - ate with European regulators such as the Euro - pean Central Bank (the “ECB” ), the European Banking Authority (the “EBA” ), the European Securities and Markets Authority (the “ESMA” ) and the European Insurance and Occupational Pensions Authority (the “EIOPA” ), which oversee specific areas and directly supervises certain entities. 2.7 No-Action Letters It is not common for the CNB or other regula - tors in the Czech Republic to issue “no-action” letters. 2.8 Outsourcing of Regulated Functions Outsourcing of regulated functions to external service providers is permitted provided that the relevant regulatory requirements are met. While specific rules depend on the activity and its scope (eg, investment or payment services), general principles stem mainly from MiFID II, PSD2, relevant outsourcing guidelines adopt - ed at EU level, such as the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02), the ESMA Guidelines on outsourcing to cloud service providers (ESMA50-157-2403), and the implementing domestic laws. In general, regulated entities must assess out - sourcing risks beforehand through due diligence to ensure the provider has the necessary skill,

experience and resources. They must also main - tain a written outsourcing policy and ensure arrangements do not compromise their legal obligations or supervision by the authorities. A written contract with mandatory provisions (eg, data security, audit rights, termination clause) is required, with stricter rules for critical functions like risk management, ICT or AML. From January 2025, new ICT outsourcing rules, including third-party risk monitoring, will apply to most regulated financial institutions. 2.9 Gatekeeper Liability In general, fintech providers’ liability arises from AML/CFT legislation, as most fintech activities fall within its scope. Providers must comply with requirements like customer identification, due diligence and monitoring of customer relation - ships. Additionally, large fintech companies may be subject to additional obligations if designated as “gatekeeper” under the Digital Markets Act (the “DMA” ) (Regulation 2022/19). 2.10 Significant Enforcement Actions The CNB can impose various sanctions, with the most significant being the revocation of licenc - es for inactivity over six months or serious legal breaches. In recent years, the CNB has sanc - tioned fintech companies for violations related to investment funds and management companies, investment and payment services and AML/ CFT rules. The CNB also publishes all or some of its decisions, using “naming and shaming” to increase transparency.

180 CHAMBERS.COM

Powered by